In message <9f949ee6-6386-c986-698e-e4a46e6cf...@thelounge.net>, Reindl Harald
writes:
> Am 16.08.2016 um 11:04 schrieb Eivind Olsen:
> > I'm seeing some odd problems where BIND (9.10.4-P2) has issues resolving
> > getsurfed.com. This is when using the "510 Software Group" BIND 9.10 for
> > RHEL/
On Thu, Aug 18, 2016 at 11:27:01AM +0200, pm8...@t-online.de wrote:
> Dear all,
>
> As far as I understand, BIND is not only used for authoritative name
> servers, but is also often used as a (recursive) resolver.
> When receiving a response to a DNS query, does BIND match the source ip of
> th
On 8/18/16 1:29 PM, Jim Fenton wrote:
> The extra DNSKEY records were not present in the zone file of the master
> server, so I reinitiated a zone transfer and this did not help. I
> checked the signed zone file on the master with named-checkzone and only
> the desired DNSKEY records were there.
On 8/18/16 12:32 AM, Vinícius Ferrão wrote:
> OpenSSL 1.0 will continue to be supported. There's no rush to go to 1.1
> release.
>
> I can't see this as an issue.
You've never dealt with "The Doctor" before, have you?
signature.asc
Description: OpenPGP digital signature
__
Dear all,
As far as I understand, BIND is not only used for authoritative name
servers, but is also often used as a (recursive) resolver.
When receiving a response to a DNS query, does BIND match the source ip of
the response to the destination ip of the query and discard the response if
they
Am 16.08.2016 um 11:04 schrieb Eivind Olsen:
I'm seeing some odd problems where BIND (9.10.4-P2) has issues resolving
getsurfed.com. This is when using the "510 Software Group" BIND 9.10 for
RHEL/CentOS/Fedora.
why do you use a 3rd party package?
no problem here with bind-9.10.4-1.P2.fc24.x8
That is correct, as I have not setup the TSIG keys yet.
Also, I am still a bit confused on how this code should be implemented in
my conf file. In the example you posted that refers back to the link, where
would I place it in the context of my views on the master? Do I only need
that one stanza on
I think you are pretty close. One detail that you appear to be missing are is
in the linked document:
server 10.0.1.1 {
/* Deliver notify messages to external view. */
keys { external-key; };
};
Your slaves should have a similar statement in each view with the IP of the
master and the relevant
I am running bind 9.8.2 on a pair of RHEL 6 DNS servers.. One server is the
master, one is the slave. My goal is to setup 2 views so that our internal
folks can resolve hostnames to internal IP's while still allowing our
external customers to resolve from the outside. Both of these servers are
exte
In message , The Doctor writes:
> Vin?cius Ferr?o wrote:
> : OpenSSL 1.0 will continue to be supported. There's no rush to go to 1.1 rel
> ease.
>
> : I can't see this as an issue.
>
> Tell us that when openssl 1.0 starts to disappear.
It was mostly accessor functions were missing which I wasn
I recently switched from external signing of my zone to use of BIND 9.9
inline signing. While things went fairly smoothly on the master server,
my slave ended up with a bunch of spurious DNSKEY records that came from
my previous keys (I generated new keys when I went to inline signing).
The extra
Well, the cost/benefits/risks of separating authoritative and recursive on
different *servers* (as opposed to different NICs, views, or whatever) is
actually a hotly-debated topic among experts. I know some non-DNS-expert
opinions, from the InfoSec side of the house, consider hardware-level
sep
As I read it, you have to buy the "flattening" as an extra service from
CloudFlare. Their default is to give CNAME at the apex, intentionally violating
RFCs.
What a concept: charging extra for RFC-compliance.
Vin?cius Ferr?o wrote:
: OpenSSL 1.0 will continue to be supported. There's no rush to go to 1.1
release.
: I can't see this as an issue.
Tell us that when openssl 1.0 starts to disappear.
: Sent from my iPhone
: > On Aug 17, 2016, at 23:38, The Doctor wrote:
: >
: >> On Thu, Aug 18, 2016
On 18 August 2016 at 01:04, anup albal wrote:
> Does that mean I setup another forwarding zone called microsoft.com or
> sharepoint.microsoft.com or both?
Ideally you should setup a completely separate caching/forwarding
server and not be using the external DNS box (NS1) for this purpose.
On the
On 18 August 2016 at 02:07, Barry Margolin wrote:
> That's why Cloudflare's method is "RFC-compliant", but what MS is doing
> with sharepoint.com is not.
Microsoft's DNS implementation allows CNAMEs at the zone apex, correct
it's not RFC compliant, but this is Microsoft...
___
16 matches
Mail list logo
